logo_kerberos.gif

Difference between revisions of "Release 1.11"

From K5Wiki
Jump to: navigation, search
 
(7 intermediate revisions by the same user not shown)
Line 13: Line 13:
 
== Developer experience ==
 
== Developer experience ==
   
* Use default keytab for gss_init_sec_context when available
 
  +
* [[Projects/APIs_for_keytab_and_cccol_content]]
* Importing and exporting of GSS creds (useful for async GSS proxy)
 
 
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done)
 
* [[Projects/Export_import_cred]] -- Importing and exporting of GSS creds (useful for async GSS proxy) (done)
  +
* [[Projects/Input_CCache]]
  +
* [[Projects/Interposer_Mechanism]]
  +
* [[Projects/Responder]]
  +
* [[Projects/Password_response_item]]
 
* Documentation consolidation
 
* Documentation consolidation
   
Line 20: Line 25:
   
 
* Documentation consolidation
 
* Documentation consolidation
  +
* [[Projects/Credential_Store_extensions]] -- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
  +
* [[Projects/Extensible_Policy]]
  +
* Support distinct client time offsets per realm (expecting contribution)
   
 
== Administrator experience ==
 
== Administrator experience ==
   
* [[Projects/Trust KDC-local name resolution]]
 
  +
* [[Projects/Keytab_ccache_name_parameters]] -- Add parameterized substitution for default keytab and ccache names
  +
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done)
 
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
 
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
 
* Documentation consolidation
 
* Documentation consolidation
Line 29: Line 38:
 
== Performance ==
 
== Performance ==
   
* Improve (or eliminate) KDC lookaside cache
+
* Improve (or eliminate) KDC lookaside cache (done)
   
 
== Protocol evolution ==
 
== Protocol evolution ==
   
* Authorization data -- conditional on IETF consensus
 
  +
* Enable Camellia encryption
** Authorization data container with multiple verifiers (CAMMAC)
 
** POSIX directory info in authorization data (PAD)
 
** Level of Assurance in authorization data
 
** Site-defined string-keyed claims in authorization data
 
** X.509 attributes in authorization data
 
* FAST preauth sets (e.g. OTP + long-term password)
 

Latest revision as of 12:49, 2 November 2012

Timeline

This is only an approximate timeline. Dates are subject to change.

  • Oct. 2012 -- make release branch
  • Dec. 2012 -- final release

Code quality

Developer experience

End-user experience

Administrator experience

Performance

  • Improve (or eliminate) KDC lookaside cache (done)

Protocol evolution

  • Enable Camellia encryption